Support publish when using ManagedIdentity for AzureWebJobsStorage and Run From Package = 1

[pragnagopa]

Tracking item for "secretless" work. This needs to addressed in Core Tools publish flow for all the skus

• Windows Dedicated/EP/Consumption
• Linux Dedicated/EP
• Linux Consumption

Currently clients upload locally built app content blobs to storage using the connection string specified in AzureWebjobsStorage. When running in secretless mode, this appsetting will not be present.

TODO: Need to figure out a design to address this via Kudu or Client Tooling changes

[pragnagopa]

cc @balag0 @mattchenderson

@fabiocav / @AnatoliB - let's discuss offline to find an owner for this WI

[fabiocav]

@pragnagopa do you plan on adding more context here? I'll move this to triaged in the meantime as the scope of the work here isn't clear.

[pragnagopa]

@fabiocav - added more details and assigned to Sprint 108 to find an owner. Thanks!

[pragnagopa]

cc @karshinlin as FYI

[pragnagopa]

Related issues:

• Azure/azure-cli#25375

[pragnagopa]

If a Function App uses Azure Files + ManagedIdentity - remote build will not work as mounting Azure Files with MangedIdentity is not supported yet. @mattchenderson - please add related work item on storage for this.

[pragnagopa]

Adding notes from offline conversation with @balag0

When not using Azure Files but using Managed Identity for AzureWebJobsStorage

az functionapp deployment should default to remote build. As the app is not using Azure Files, if using Run from package =1, content will upload to data\sitePackages - Windows Consumption, Dedicated, Linux Dedicated.

When using Azure Files but using Managed Identity for AzureWebJobsStorage

• Remote build does not work without key vault references or full connection string. This is currently blocked on Azure Files supporting mounting vis Managed Identity.

[pragnagopa]

Work involved

• Publish flow should detect Managed Identity is being used for AzureWebJobsStorage and default to remote build --> Note this will only work if the App is not using Azure Files + Managed Identity

[brettsam]

@pragnagopa -- is this something that you want assigned to the Runtime team? Or did you have someone in mind to take this item?

[fabiocav]

@pragnagopa we may need to sync with @AnatoliB for assignment here (or someone on the team while he is OOF). I'll follow up offline.

[jbpaux]

Any update to provide ?

[bilby91]

Is there any plan to supported this in the short term ? Adding some documentation around the limitations should also help, I spent a long time trying to understand and later on figure out that this permutation doesn't work.